Ruby on Rails implements a wonderful idea:
you pack your session as a JSON: {user_id : 15, ip : "23.45.67.89",
expire_at : 1234567780},
then you take base64 from it,
then you concat base64 with secret key and take sha1 from it.
Cookie = base64(Session) ++ "--" ++ sha1(base64(Session) ++ SecretKey)
later on each request you validate that session is signed properly,
check IP address, timeout and use your really stateless session.